We host an SVN repository for multiple projects and business files on Apache. It is used by multiple developers, and some project folders are also used by clients. An example layout is:

    svn/ourcompany/business
    svn/ourcompany/projects
    svn/ourcompany/projects/proj1
    svn/ourcompany/projects/proj2
    svn/ourcompany/projects/proj3

Formerly our svn.accessfile looked like the following:

    [groups]
    admin = jd
    programmer = jd,pr1,pr2

    [ourcompany:/]
    @admin = rw

    [ourcompany:/business]
    @admin = rw

    [ourcompany:/projects]
    @admin = rw
    @programmer = rw

    [ourcompany:/projects/proj1]
    client1a = rw
    client1b = rw
    webclient = rw

Today we discovered that this setup leads to a 403 error for webclient1 on ourcompany:/projects/proj1.

After a little research, a contractor recommended including:

    [groups]
    admin = jd
    programmer = jd,pr1,pr2

    [ourcompany:/]
    * = r
    @admin = rw

    [ourcompany:/business]
    * =
    @admin = rw

    [ourcompany:/projects]
    @admin = rw
    @programmer = rw

    [ourcompany:/projects/proj1]
    client1a = rw
    client1b = rw
    webclient = rw

But that now means I have to add

    *=

to every single project within the projects folder?

Can someone offer suggestions about how permissions in svn.accessfile operate in the folder hierarchy?

Apache virtual host below:

    <VirtualHost ipadress:80>

            ServerName subversion.ourcompany.com
            ServerAdmin webmaster@ourcompany.com
            DocumentRoot /var/www/subversion.ourcompany.com
            DavLockDB /var/lock/apache2/DavLock 

            <Location /svn>
                    DAV svn
                    SVNParentPath /var/svn
                    SVNListParentPath on
                    SVNAutoversioning on
                    SVNIndexXSLT "/repos-web/view/repos.xsl"
                    #ModMimeUsePathInfo on
                    AuthzSVNAccessFile /etc/apache2/svn.accessfile
                    AuthType Basic
                    AuthName "SVN"
                    AuthUserFile /etc/apache2/svn.passwd
                    Require valid-user

                    # compress as much as possible
                    SetOutputFilter DEFLATE
                    SetInputFilter DEFLATE
                    # Don't compress images
                    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
            </Location>

            <IfModule mpm_itk_module>
                    AssignUserId www-data www-data
            </IfModule>

            DeflateFilterNote Input instream
            DeflateFilterNote Output outstream
            DeflateFilterNote Ratio ratio

            LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%) %s' deflate
            CustomLog /var/log/apache2/svn-deflate.log deflate
            CustomLog /var/log/apache2/svn-access.log "%t %u %{SVN-ACTION}e" env=SVN-ACTION
            ErrorLog /var/log/apache2/svn-error.log


    </VirtualHost>

What we want to achieve:

webclient should gain access to ourcompany:/projects/proj1 only and should not have any read access to ourcompany:/projects. The second might be accomplished by placing a *= into each subfolder of ourcompany:/projects, but that's not practicable.
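
A simplified model of how path-based authorization walks the folder hierarchy, as an added example that is not part of the original post or of Subversion's own code: the nearest section (the path itself, then each parent) that names the user decides, and paths without a section inherit from their parent. The access file is constructed from the post's layout with `* =` placed once on `[ourcompany:/projects]` (an assumption of this example), and `load` and `access` are hypothetical helper names.

```python
import configparser

# Constructed access file: the layout from the post, with "* =" placed once
# on /projects (an assumption of this example, not a file from the post).
ACCESS_FILE = """
[groups]
admin = jd
programmer = jd,pr1,pr2

[ourcompany:/]
@admin = rw

[ourcompany:/business]
@admin = rw

[ourcompany:/projects]
* =
@admin = rw
@programmer = rw

[ourcompany:/projects/proj1]
client1a = rw
client1b = rw
webclient = rw
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    return cp

def access(cp, user, repo, path):
    """Return the effective rights ('', 'r' or 'rw') of user on repo:path."""
    groups = {g: {m.strip() for m in v.split(",")} for g, v in cp["groups"].items()}
    parts = [p for p in path.split("/") if p]
    # Walk from the path itself up to the repository root.
    for depth in range(len(parts), -1, -1):
        section = f"{repo}:/" + "/".join(parts[:depth])
        if not cp.has_section(section):
            continue
        matched = [rights.strip() for who, rights in cp[section].items()
                   if who == "*" or who == user
                   or (who.startswith("@") and user in groups.get(who[1:], ()))]
        if matched:  # nearest section naming the user decides; a grant beats "* ="
            return max(matched, key=len)
    return ""  # no rule matched on the way up: no access
```

In this model a single `* =` on the projects folder covers proj2 and proj3 by inheritance, while the explicit entries on proj1 still grant webclient access there.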